Secure your device authentication certificate keys on a TPM with Charismathics CTSS

CTSS Features

Features of Charismathics CTSS Device Authentication

Hardware Based Security

CTSS uses the built-in TPM on your PC to secure cryptographic keys and execute secure functions.

Support for Windows 7

Supports Windows 7 as well as Windows 8, 10 and Windows Server 2003, 2008/R2 and 2012.


Supports Windows Auto-enrollment for automatic distribution of machine certificates to client devices.

Enterprise Class Solution

First introduced in 2005, and now used by some of the largest enterprises in the world.

Custom Certificate Templates

Full support for Windows Crypto API means the ability to customize certificate templates, including integrating user data.

TPM Independent

CTSS supports TPMs from all major vendors, including Infineon, Atmel, STMicroelectronics and Broadcom.

Securing Device Certificate Keys

The security of device authentication requires protection of the certificate keys.

CTSS ensures that keys that are associated with device certificates are securely stored in a TPM module on the device, preventing duplication and compromise of the device credentials.

Certificate-based device authentication is a proven method for securing access to networks, whether hardwired, wireless or through VPN. In a standard network, any device that is attached to the network has access to all network communication between other devices. A compromised device can then intercept valuable information like user credentials. By requiring a device certificate (also known as a machine certificate) to access the network, a device is prevented from accessing network information until it is properly authenticated using the strong cryptographic keys associated with the certificate.

However, with standard device certificates the cryptographic keys are stored on disk and in memory. If a device is compromised, those keys can be compromised as well.

CTSS solves this problem by ensuring that device certificates are securely stored in the TPM, and that the relevant cryptographic operations are executed only in the TPM.

Access to CTSS is provided through a dedicated Windows-compliant CSP and the Charismathics TSS stack, ensuring full integration with Microsoft Windows CryptoAPI/CNG and interoperability with Windows Certificate Auto-Enrollment.

Need more information about CTSS?

Read more information on our technical support site, or contact a person.